with clearly defined operational procedures to serve as guidance. Furthermore, implementation is reviewed regularly to ensure compliance with such rules, regulations, policies, and manuals. GC has implemented SAP GRC – Access Control to control crucial processes to ensure that SAP operating system access rights are in accordance with best practices on the segregation of duties. GC also uses automated audit to detect and follow up on irregular transactions and notify designated officers to promptly rectify problematic transactions. Moreover, GC has continuously introduced digital tools to enhance operational efficiency and effectiveness, ensuring accuracy, precision and transparency. For instance, the implementation of Robotics Process Automation (RPA) in the procurement process, and blockchain technology in bank guarantees, accounts payable, and accounts receivable, significantly minimizes time, work processes, and errors. In 2023, GC developed a Vendor Management System (VMS) to centralize vendors management activities, covering tasks from registration and evaluation to the monitoring of improvements. Additionally, GC has developed a Purchase Order Tracking Web Application for accurate, complete and effective tracking of order statuses. GC has appointed the Information Security Management System Committee (ISMSC) to supervise and support operations and ensure compliance with ISO/IEC 27001 and ISO/IEC 27701 standards, as well as to oversee the development of information security, cyber security, and cloud security frameworks that meet in t ernational standards. The committee is also tasked with establishing an Information Technology Security Policy, which encompasses robust IT general controls for the development and significant computer system changes. This po l icy also emphasizes the importance of data backup, data recovery, and regular testing. I n addition, GC conducts assessment in adherence to the NIST Cybersecurity Framework (CSF), wh ich assists organizations in planning timely threat prevention, detection, and response without interrupting the business operation. Furthermore, GC regularly organizes cyberthreat prevention training sessions and issues communications to all employees to update its data security standards. In 2023, GC performed a vulnerability test at the application level to identify potential vulnerabilities that might lead to system attacks or takeovers. GC has developed the governance process “GC Way of Conduct” which is regularly communicated to and the implementation of whi ch is regularly monitored among subsidiaries in GC Group, to ensure compliance with GC’s policies, guidelines, and business strategies. Assessme nts are conducted to evaluate the effect i veness of the implementation and identify area s for further improvement. The progress of thi s program is regular ly reported to top management for acknowledgment. In 2023, GC developed a GC Way of Conduct Webpage, serving as a central hub for learning and data collection for GC Group subsidiaries in Thailand and abroad. 4. Information and Communication GC values the qual i ty of i ts inf ormat ion and communication systems, which play a vital role in supporting the effectiveness of its Internal Control Sys t em. GC’ s approach to i n forma t i on and communication management is detailed below. 225 PTT GLOBAL CHEMICAL PUBLIC COMPANY LIMITED Form 56-1 One Report 2023
RkJQdWJsaXNoZXIy ODg4NTI=